location privacy‐preserving in crowdsensingsystem* · 2019. 10. 6. · three ways of privacy...

Location Privacy‐preserving in Crowdsensing System*

Professor Wanlei Zhou

Head of School of SoftwareUniversity of Technology Sydney, Australia

wanlei.zhou@uts.edu.auhttps://www.uts.edu.au/staff/wanlei.zhou

*Work is done by members of my group and through collaborations with colleagues in other universities.

❖ Background and related work

❖ Density‐based location privacy preserving

❖ Blockchain‐based location privacy preserving

❖ Economic model based location privacy preserving 

❖ Conclusions

Overview

Background: Location based services in smart cities

Location based services (LBS)1 Traffic reports and navigation2 Place of interest (POI) finder3 Advertisement

Mobile crowd sensing (MCS) applications4

Privacy issues in LBS1 Location privacy – discrete physical

locations.

Trajectory privacy – a path or trace in thegeographical space.

2

Hey..!! We have a coupon for you

We know that you prefer latte, we have a

special for it

Oh..! It seems that you were in Hawaii last week, so, you can

afford our expensive breakfast today

By the way, five of your colleagues and

your boss are currently inside

YOU ARETRACKED…

!!!!

Background: LBS

Background: LBS

Background: LBS

Background: LBS

Background: LBS

Background: LBS

Background: LBS

Background: LBS

Mobile crowdsensing

Background: Crowdsensing

Two models of task assignment 

Worker selected tasks (WST): The platform (server) publishes the tasks andthe workers autonomous select the ones they prefer.

Server assigned tasks (SAT): The worker first reports their locationinformation to the platform (server), and the server assigns tasks accordingto the worker’s location.

Background: Crowdsensing

Three ways of privacy disclosure:

Workers submit their exact location to the server to be allocated tasks more efficiently. For example: Alice submits her location coordinates (23.23, 151.2), the server knows Alice is in hospital now. 

When a worker accepts an assigned task, the server knows that worker’s future location. For example: Alice accepts the task A, then the server knows that Alice will go to task A’s location.

After completing the task, the server processes their payment, so it knows the task the worker completed. As such, completing a task reveals the worker’s previous locations.

Background: Crowdsensing

Density‐based location privacy preserving

n4n3

n1n2

CSP: Trusted cell service provider.ni: the noisy number of workers in cell i.  

Problems:

Assuming the distribution of the workers uniform is not practical.  

The partition is data‐independent.The midpoint is always chosen to partition the parent cell

Cannot prevent the location privacy disclosure in third way (payment process). 

Density‐based location preservation

To solve the problem of uneven distribution problem. 

Density‐based location preservation

Traditional quadtree Density‐based quadtree

The density‐based partition method

Density‐based location preservation

Select several initial partition points in the location domain  Calculate the differences in density between the subcells partitioned by each partition point.  Choose the subcells with the biggest differences in density as partitions.  Repeat the whole process for each subcell until the stop condition is met. 

Three stop conditions

No workers exist in the cell.  The cell is too small to be further partitioned The distribution of workers in the cell is relatively uniform. 

The maximum density difference ∆𝑑 is used to measure whether the worker location distribution is uniform. 

Differential privacy data release

Density‐based location preservation

Task assignment 

Density‐based location preservation

Worker acceptance probability Geocast region selection Standard:1. The distance between the selected cell and the task should be as small as possible and within the maximum travel distance of the workers. 2. The acceptance probability of the geocast region should reach the expected task assignment success rate. 3. The number of notified workers should be as small as possible. 

Task assignment 

Density‐based location preservation

Geocast region selection 

Simulation settings

Density‐based location preservation

Metrics1. Task assignment success rate (TASR)2. Average travel distance (ATD)3. Average notified workers (ANW)

Comparison1. DP‐GRB: the proposed method 2. UP‐GRB: the method with uniformed partitions and a balanced geocastregion construction. 3. UP‐GRS: gives priority to the task assignment success rate. 

Simulation settings

Density‐based location preservation

Parameters 

Parameter Description Value Default

𝜖 Privacy budget 0.1 – 1.0 1.0

MTD Maximum travel distance 1km ‐ 5km 5km

ESR Expected success rate 0.3 ‐ 0.9 0.8

Simulation results

Density‐based location preservation

Figure. Performance by varying 𝜖

Simulation results

Density‐based location preservation

Figure. Performance by varying 𝜖

Simulation results

Density‐based location preservation

Figure. Performance by varying 𝜖

Simulation results

Density‐based location preservation

Figure. Performance by varying MTD

Simulation results

Density‐based location preservation

Figure. Performance by varying ESR

Possible solutions to tackle the privacy disclosed problem in the payment process

Blockchain‐based location privacy preserving

Involve a trustworthy third party in the payment process. ChallengesHow to guarantee that the third party’s payment process is precise and secure?How to instil the worker trust in the third party? 

Use blockchains:  Anonymous account information.  Payment information is not associated with the worker’s real identity.  Character of immutability. 

Concern Character of transparency. 

The proposed framework

Blockchain‐based location preservation

Adversary model 

Blockchain‐based location preservation

Assumptions.All the participants on the blockchain network are untrusted except agents with private blockchans. 

Attackers. Participants in the public blockchain. WorkersAgents

Overview of executive process

Blockchain‐based location preservation

Overview of executive process

Blockchain‐based location preservation

Register (Public blockchain)  Task assignment Smart contract creation in the public blockchain Transfer tasks to the private blockchain Register (Private blockchain) Smart contract creation in the private blockchain Upload sensory data Payment 

Blockchain‐based location preservation

Privacy1. Cloaking region technology is used to upload worker’s location information2. The workers are anonymized and the private blockchain is used to distribute the transaction records. 3. Cryptocurrency is not authenticated with the worker’s real identify. 

Security The consensus protocol of the blockchain ensures that the smart contracts are executed correctly. The combination of the smart contract the a deposit‐based mechanism ensures fair trading. 

Economic Model based Trajectory Privacy Preserving

Proposed solution: enhancing thelocation privacy of mobile crowdsensingparticipants by eliminating the generalbidding (step 2) and task assignment(step 3) processes

Problem formulation

The Monopoly Model Based Scheme (MMBS)

Cournot’s Oligopoly Model Based Scheme (COMBS)

Simulation Setups

Simulation Results

Simulation Results

Simulation Results

Simulation Results

Conclusions

• We investigate the location privacy problem from a different angle: reducing the informationsharing. This new category of privacy preservation mechanism can be used with methods inother categories at the same time.

• We proposed a density-based location preservation mechanism for crowdsensing techniques that satisfies differential privacy, providing rigorous protection of worker locations. The partitioning method is based on worker density and considers non-uniform worker distribution.

• We propose a private Blockchain based method for task payment that effectively preserves individual privacy in the entire crowdsensing system.

• We propose a framework which enhances the location privacy of mobile crowdsensingparticipants by eliminating the general bidding and task assignment processes. And economicmodel is used to solve the optimization problem.

Selected publications

• Bo Liu, Wanlei Zhou, Tianqing Zhu, Yong Xiang, and Kun Wang, Location Privacy in Mobile Applications. Springer 2018, ISBN 978-981-13-1704-0.

• Youyang Qu, Shui Yu, Longxiang Gao, Wanlei Zhou, Sancheng Peng, A Hybrid Privacy Protection Scheme in Cyber-Physical Social Networks. IEEE Trans. Comput. Social Systems 5(3): 773-784 (2018)

• Mengmeng Yang, Tianqing Zhu, Yang Xiang, Wanlei Zhou, Density-Based Location Preservation for Mobile Crowdsensing With Differential Privacy. IEEE Access 6: 14779-14789 (2018)

• Bo Liu, Wanlei Zhou, Tianqing Zhu, Longxiang Gao, Yong Xiang, Location Privacy and Its Applications: A Systematic Study. IEEE Access 6: 17606-17624 (2018)

• Bo Liu, Wanlei Zhou, Tianqing Zhu, Haibo Zhou, Xiaodong Lin, Invisible Hand: A Privacy Preserving Mobile Crowd Sensing Framework Based on Economic Models. IEEE Trans. Vehicular Technology 66(5): 4410-4423 (2017)

• Tianqing Zhu, Gang Li, Wanlei Zhou, Philip S. Yu, Differentially Private Data Publishing and Analysis: A Survey. IEEE Trans. Knowl. Data Eng. 29(8): 1619-1638 (2017)

• Bo Liu, Wanlei Zhou, Tianqing Zhu, Longxiang Gao, Tom H. Luan, Haibo Zhou, Silence is Golden: Enhancing Privacy of Location-Based Services by Content Broadcasting and Active Caching in Wireless Vehicular Networks. IEEE Trans. Vehicular Technology 65(12): 9942-9953 (2016)